Firewall Management in Hybrid Networks

  • Maurício Fiorenza UNIPAMPA
  • Diego Kreutz UNIPAMPA
  • Rodrigo Mansilha UNIPAMPA

Abstract

Firewall management is a challenging process in hybrid networks because it involves applying security policies across both traditional solutions (e.g., Cisco NGFW, IPTables) and emerging ones (e.g., OpenFlow, P4, and POF). This work proposes and discusses an architecture, organized as a stack of layers, for the integrated management of firewalls in hybrid networks. As a proof of concept, a prototype was implemented that generates rule configurations for different firewall solutions. The prototype was evaluated experimentally through traffic continuity tests (blocking and allowing) and traffic limit tests (traffic shaping).

Published
13/10/2020
FIORENZA, Maurício; KREUTZ, Diego; MANSILHA, Rodrigo. Gerenciamento de Firewalls em Redes Híbridas. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 20., 2020, Petrópolis. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2020. p. 490-495. DOI: https://doi.org/10.5753/sbseg.2020.19260.
